LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A critical, actively exploited vulnerability (CVE-2026-48172, CVSS 10.0) in the LiteSpeed user-end cPanel plugin allows arbitrary script execution as root; affected plugin versions 2.3 through 2.4.4 should be upgraded to cPanel plugin v2.4.7 (bundled with WHM plugin 5.3.1.0) or the user-end plugin should be uninstalled. The vendor published a grep-based IOC to check for compromise and credited the researcher; additional hardening was released following a review of cPanel/WHM plugins.